Sony Pictures, the movie studio of Sony Corp. (NYSE: SNE), stands to lose millions of dollars from the recent attack by the hacker group known as Guardians of Peace, which posted illegal copies of upcoming Sony movies on file-sharing hubs. Internet users have downloaded more than one million pirated copies of “Fury” and hundreds of thousands of illegal copies of “Annie.” Sony’s recent experience serves as a cybersecurity wake-up call for companies big and small, but it also spells opportunities for acquirers.
“It leaves an empty pit in your stomach,” says Ron Sansom of private equity firm the Riverside Co., regarding security breaches. “You don’t know what to do.”
Like other middle-market sponsors, Riverside has fended off cyber threats in the past. Security for portfolio companies is more a priority now than ever before, since the number of security breaches has climbed.
In addition to Sony, Target (NYSE: TGT), Domino’s Pizza (NYSE: DPZ) and the U.S. Post Office have all been in trouble over breaches in 2014. Financial instituitions have also been plagued with problems in recent years.
FireEye (Nasdaq: FEYE) has even been able to track down attacks within M&A communities. For more than a year, the company has said more than 100 publicly traded companies, law firms, outside consultants and investment bankers have been breached and may have had merger-and-acquisition information stolen.
Recently, federal lawmakers have been prompted to ask large investment banks such as Bank of America Corp., which has dealt with attacks in the past, as well as Wells Fargo & Co., Morgan Stanley and Goldman Sachs Group Inc., to detail their approaches to data security and disclose whether they had been targeted by hackers during the past year.
It's no wonder why many cybersecurity deals have been taking place in recent months. There was Veritas Capital's purchase of BeyondTrust from PE and venture capital firm Insight Venture Partners. BeyondTrust, headquartered in Phoenix, provides cybersecurity software and services to companies and governments. Lockheed Martin’s (NYSE: LMT) acquisition of Industrial Defender Inc. in March and Palo Alto Networks’ (NYSE: PANW) $200 million purchase of Cyvera Ltd. in April. FireEye picked up nPulse Technologies for $70 million in May, while IBM Corp. (NYSE: IBM) bought CrossIdeas and Lighthouse Security Group LLC in July and August, respectively.
The pace of acquisitions isn’t expected to slow down as the urgency to fend against cyber threats continues to grow. Possible M&A targets include Imperva (NYSE: IMPV), Proofpoint (Nasdaq: PFPT) and Lifelock (NYSE: LOCK). All have market caps under $2 billion.
Strategic buyers capable of writing larger checks may circle FireEye and Palo Alto Networks, which have significantly higher market caps. FireEye hovers around $4.8 billion while Palo Alto weighs in with $8.8 billion.
Closer to the middle-market range, there are plenty of startups that could soon find themselves fielding offers. Red Balloon Security, a New York company, has developed technology that protects office equipment from hackers. So far, it has raised $20,000 in seed funding from Microsoft Ventures. Then there’s Socure, also in New York, that raised $2.5 million in October.
As companies consider filling their strategic gaps and as demand for better computer security percolates, they are going to look to targets like these.